CANADA COMPANIES COMBAT COMPUTER ATTACKS TO MEET GOVERNMENT REGULATIONS Globetechnology

PORTION OF EXTENSIVE ARTICLE....see full article at link

In Canada, banks and insurance companies have been security driven for a long time, but most other companies have been more reactive. That's changing as insurance costs have started to rise in response to recent high-profile cyberattacks and as the media focuses more closely on the phenomenon.

"Medium-sized businesses are finally getting it because the issue has been in their faces now for about two years," says Tom Slodichak, chief security officer of WhiteHat Inc., a Burlington, Ont.-based IT security provider.

New laws are appearing that place even greater responsibility on corporations to manage their computer networks securely. Any companies with U.S. reporting responsibilities now face tighter requirements under the Sarbanes-Oxley Act. Other laws may affect companies in specific sectors of the economy, such as the U.S. Health Insurance Portability and Accountability Act, which requires new safeguards to protect the security and confidentiality of health records.

At the start of the year, many Canadian businesses became subject to federal privacy legislation called the Personal Information Protection and Electronic Documents Act, which prohibits companies from collecting, using or disclosing personal data without the consent of the individual. It also requires that businesses assess their network risks and implement security controls to protect personal data.

Among the advice experts offer organizations: Do a critical assessment of operations to see where the real vulnerabilities lie and what's critical and sensitive. "Not all companies have to fortify like Fort Knox," Mr. Poelking says.